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Article history: Outsourcing of scientific computations is attracting increasing attention since it 
i enables the customers with limited computing resource and storage devices to 
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outsource the sophisticated computation workloads into powerful service providers. 
However, it also comes up with some security and privacy concerns and challenges, 
such as the input and output privacy of the customers, and cheating behaviors of the 
cloud. Motivated by these issues, this paper focused on privacy-preserving Linear 
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Fractional Programming (LFP) as a typical and practically relevant case for verifiable 
Certificate validation LFP secure multiparty computation. We will investigate the secure and verifiable schema 
Computation outsourcing with correctness guarantees, by using normal multiparty techniques to compute the 
Verifiable computation result of a computation and then using verifiable techniques only to verify that this 
Verifiable secure computation result was correct. 
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1. INTRODUCTION 

The powerful advantage of cloud computing is called outsourcing, where the customers with limited 
computing resource and storage devices can outsource the sophisticated computation workloads into powerful 
service providers. Despite the tremendous benefits, there are many challenges and security concerns because 
the cloud server and customer are not in the same trusted domain, to avoid these problems [1-4]. First, to combat 
the security concern is applying encryption techniques to customer’s sensitive information before outsourcing 
to the cloud but still, there is a challenge how makes the task of computation over encrypted data [5,6]. Second, 
no guarantee from the cloud on the quality of the computed data and results. For instance, solving financial 
linear programs is useful for optimizing global profits confidentiality is important because the inputs are 
sensitive information from multiple companies but correctness is important because the outcome represents 
financial value. 

In theory, correctness and privacy can be achieved by producing cryptographic proofs of correctness 
in a multi-party way [7,8]. In [9] They achieved Correctness by replicating a computation and comparing 
the results this done against uncorrelated failure. Without assuming uncorrelated failure or trusted hardware 
the correctness can be done e.g., [10] by instead producing cryptographic proofs of correctness. Also, privacy 
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can be done when the computation achieved by multiple computation parties using multiparty computation 
protocols e.g. [11,12]. 

In this paper, we want to be sure that the results are correct and with the multiple mutually distrusting 
in putters, also we want to guarantee the privacy of the inputs. We present certificate validation as a general 
technique for achieving verifiable secure computation of linear fractional programming. We use of El-Gamal 
encryption [13-15] by combining the computation stage and the validation stage rather than using expensive 
encryption schemes such as Paillier’s cryptosystem. 

The rest of the paper is organized as follows: section 2. Shows verifiable computation schema. 
In section 3. We describes the system model of our proposed Protocol for privacy-preserving outsourcing LFP. 
In section 4. We provide experimental result analysis for the proposed schema. At last the work conclusion is 
presented in section 5. 


2. VERIFIABLE COMPUTATION 

Verifiable computation has been studied by plenty of researchers in various application scenarios. 
They researched widely how to verify the correctness of computations performed by untrusted parties (without 
privacy) [16-21]. 
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Figure 1. System Structure of Verifiable Computation Scheme. 


Verifiable computation schemes are normally based on either computation complexity theory or 
cryptographic algorithms. Data and computations can be outsourced to another party in order to obtain 
a processing result in return. However, whether the result is right or wrong could cause a potential risk 
for a data processing result requester. For outsourced data processing and computations, verification of the 
computation results is a critical issue to ensure the trust of Computation-as-a-Service [22]. 


3. PROTOCOL FOR PRIVACY-PRESERVING OUTSOURCING LINEAR FRACTIONAL PRO- 
GRAMMING 

We present main protocol for privacy-preserving outsourcing with correctness guarantees. 

We compute a solution and a so-called certificate using normal multiparty computation, and then produce 
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a proof that the solution is valid with respect to the certificate using the El-Gamal-based proofs [23]. 


3.1. Functions of certificates and validating 

To efficiently validate a computation result, we use certificates. In complexity theory, a certificate is 
a proof that a value lies in a certain set that can be verified in polynomial time. 

Let S1, S2 be sets and Y C Sı. A polynomial time computable predicate |p C Sı x S2] is called 
a validating function for Y if Y = {w € Sı|ac € S2 : y(w,c)}. If (w,c)w € Y. In our case, 
a computation is given by a computation function y (y,a,r), and a validating function y (y,a,r). Here, on 
input x, function f computes function output r and certificate a; validating function y checks that r is a valid 
output with respect to x and a. We require that if (a,r) = f(y), then y(y,a,r), but we do not demand 
the converse: the outcome of the computation might not be unique, and might merely check that some correct 
solution was found, not that it was produced according to algorithm f. (For instance, a square root finder may 
return the positive square root while negative square root is also valid.) In our case study, we use that the 
optimality of a solution to a LFP can be efficiently validated using a certificate. 





3.2. The verifiable multiparty computation protocol by certificate validation 

We present Verifiable Multiparty computation protocol by certificate validation (VerMPC) protocol to 
compute (a,r) = f(a), and prove this result X; is correct. We use passively secure multiparty computation 
protocols based on (t, n) Shamir sharing with n = 2t + 1. In these protocols, the input parties encrypt and 
announce their inputs, then makes a proof of knowledge of the corresponding plaintext then broadcast for 
this encryption and proof. Next, the parties provide the plaintext and randomness of the encryption to the two 
computation parties who will later prove the result is correct. The two computation parties check if the provided 
sharing of the input is consistent with the encryptions that were broadcast for preventing corrupted input parties 
learns information about both their encrypted and their secret shared inputs, this done by encrypting their shares 
of the inputs then using the homomorphic property of the cryptosystem for checking correctness. Then, the 
actual computation takes place in the third computation party. The two parties holding additive shares of the 
input Shamir-share them between all three computation parties, then the computation is performed between the 
three parties. These two of the computation parties produce the encrypted result and prove its correctness [24]. 
The computation parties send their additive shares of the result and the randomness of their encryption shares 
results to the resulting party (the encryptions of the certificate and proof of correctness) [13,25-27]. The result 
party checks the proofs of knowledge provided by the in putters computes the encrypted results from its shares 
and use Verify algorithm to verify the correctness. 
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Figure 2. System structure of verifiable computation protocol by certificate validation 
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3.3. Secure and verifiable linear fractional programming 
The LFP is a special class of mathematical optimization expressed in the following standard 
form [28]: 








cy+ ô 
max Z= 
dy +§ 
S.t. Ay<b, By>0, (1) 


where (1) the objective function is a linear fractional function (ratio of two linear functions) y is an n x 1 vector 
of variables which are to be determined, c and d are n x 1 column vectors of coefficients, and set of constraints 
are a system of linear equalities and inequalities (affine constraints) A is m x n matrix of coefficients, b is 
m x 1 column vector of coefficients and ô, € are constants. B is n x n nonsingular matrix. For instance, 
the LFP represents the problem to find x1, x2 satisfying 





2x41 + 3x2 
Mart Z = —,_, 
zı +z2 +1 
S.t. 
L117 iie < 3 
Tti T 2T2 < 3 
tita > 0. 


To find the optimal solution of a fractional linear program, typically an iterative algorithm called the simplex 
algorithm is used after convert LFP to LP [29]. 


max F(y) = 2y1 + 3y2 





S.t. 
4y1 + 4y2 <3 
4yı + 5y2 < 3 
Y1, Y2 = 0. 


a(i J0 


Each iteration involves several comparisons and a Gaussian elimination step, making it quite heavy 
for multiparty computation. For relatively small instances, passively secure linear fractional programming 
is feasible [11], but actively secure MPC much less so when including pre-processing. 

Theorem: We prove that y it is optimal using the optimal solution p of the so-called dual LP 
maximise b-p suchthatA-p<c,p< 0. 





Proof: The solutions (%,---,%) and (™,---,®@) (y € Z*, pe Z™,q E N+) are both 
optimal if the following conditions hold: 
q21,; pb=c-y A-ysq-b y2 0; 
AT-p<q-c, p< 0. 


Also, the simplex algorithm for finding y turns out to also directly give p. To turn the above criterion into 
a set of polynomial equations, we define the certificate to consist of bit decompositions of (q -b — A - y);, 
yi, (q-e— AT- p) p and — pi, and prove that each bit decomposition bo, b1, ... sums up to the correct value 
v (with equation v = bọ + 2 -bı +---) and contains only bits (with equations b; - (1 — b;) = 0). 
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4. EXPERIMENTAL RESULT 

The experimental results are the average of multiple trials. We design numerical experiments to 
evaluate the efficiency of the mechanism. We ran our mechanism on several LFPs. We measured the time 
to solve the LFP and to compute the certificate (this depends on the LFP size, number of iterations needed, 
and the bit length for internal computations), the time for PolyProve to produce a proof, and for Poly Ver 
to verify it (this depends on the LFP size and bit length for the proof). Figure 3. Shows the performance 
numbers of our experiments. 


Table 1. Performance of the proposed scheme for infeasible case 











Problem No. of Verify Prove Compute 
Size Iterations Algorithm Algorithm Certificate 
m=5, n=5 4 11.450 85 110 
m=20, n=20 9 79.50 200 347 
m=48, n=70 25 300.340 986 1100 
m=103, n=150 62 1000 4806 8500 
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Figure 3. Time cost for each phase of verifiable secure computation of LFP using certificate validation 


For the LFPs in our experiments, we find that producing proof adds little overhead to compute the 
solution and that verifying the proof is much faster than participating in the computation. As a consequence, 
for the recipient, outsourcing both guarantees correctness and saves time compared to participating in the 
computation. In general, one expects the difference between computing the solution and proving its correctness 
to be more pronounced for larger problems: indeed, both the computation and the correctness verification scale 
in the size of the LFP, but computation additionally scales in the number of iterations needed to reach the 
optimal solution. This number of iterations typically grows with the LFP size. However, we only found this 
for the biggest LFP, where proving is over four times faster than computing, for the other programs, this factor 
was around two. An explanation for this is that also the bit length of solutions (which influences proving time) 
typically grows with the number of iterations. 


5. CONCLUSION 

In this paper, we combined passively secure three-party computation with El-Gamal-based proofs. 
We have shown how to use certificate validation to obtain correctness guarantees for privacy-preserving 
outsourcing of LFP. The security guarantees of our model lie in between passive security (that does not 
guarantee correctness in case of active attacks) and active security (that also guarantees privacy in this case). 
For LFP, verifying results takes much less time than participating in an actively secure computation; in fact, 
it even takes less time than participating in a passively secure computation without any correctness guarantees. 
Hence, for computations on inputs of mutually distrusting parties, privacy-preserving outsourcing with correct- 
ness guarantees provides a compelling combination of correctness and privacy guarantees. 
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